Cyber Security Course to choose for 6 months training.

sanjeetsingh Registered Users Posts: 2
Which security course/training should I opt for in my 6 months' training for BE/BTech CSE? In my present semester, I am developing a security framework on Java EE. Link: https://github.com/SanjeetSR/Security-Framework/tree/master/SecurityFramework Next, I am planning an MS in Cyber Security. I want to learn any cyber security course in my training which will help me in my MS research. Which cyber course would be the best? I have heard about CEH, CompTIA Security+, OSCP but don't know which is the best, or any other? Note: I have not done the basic course (CCNA) and hence have no practical experience in networking. But I can devote time to learn that course. Which course could assist my knowledge in web application threats (XSS, CSRF)? But it would be beneficial to have a foundation of other aspects too.

Comments

  • OctalDump Member Posts: 1,722
    Sec+ is probably too general. CEH does cover web application threats, but again is a bit broad and shallow. I'd suggest reading the books for these, though. You can probably read through the books in a few days.

    OSCP is general penetration testing/hacking. It might be quite useful, though. They also have the OSWE certification which covers "advanced web application exploitation". Their training is non-traditional, though.

    Also more specific for your needs is GIAC's Web Application Penetration Tester (GWAPT), but the course is quite expensive.

    GIAC and Offensive Security are more respected in this space than, say, EC Council.

    There are also courses covering explicitly secure programming, including for Java. Not sure if that is more what you are interested in. GIAC and EC Council both have these.

    With regards to networking skills, it gets a bit fuzzy with web exploits. For example, if an attacker finds a vulnerability in the web server software, then they will use that to get in. They don't care what the weakness is, if they can exploit it. So, whilst strictly speaking you can concentrate on just securing a web application, in the real world that is not sufficient. Or if the TCP stack implementation of the OS on the web proxy between the web application server and the firewall has a problem?

    In most cases, for web apps, you'd only be concerned with layer 3 (IP) and up, so a good chunk of something like CCNA wouldn't be relevant. But you might still be interested in how a packet is structured, what protocols are available, how they work. Some of the theory is useful, too, e.g. OSI model, connectionless vs connection oriented, or stateful vs stateless.

    So, it probably matters how specific or general you need to be for your research interests.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • sanjeetsingh Registered Users Posts: 2
    Thank you so much for the answer. I am aware of knowledge such as the OSI model and a bit of how networking works, but lack practical knowledge. Since I want to pursue an MS in cyber security, building a good base would be key. So Sec+ seems a basic course. I haven't thought of any research topic or any such key area, as I have had a bit of exposure only in web application threats. Now, the Sec+ course is not longer than a month. I can do one of the following choices in my 6 months: 1) Sec+ + CEH 2) Sec+ + CASP. Should I utilise my time on the above 2 courses, or should I perform any other combination?